WARNING: NOD32 4.2 corrupts Kaseya Server

For the record. NOD32 4.2 corrupts Kaseya Server by not only quarantining the Kserver.exe, but deleting critical related registry entries that can only be restored manually by Kaseya high-level support engineers.

And there's no clear workaround that I can see. How do you exclude registry entries? Or restore them from quarantine?

I could, but if they don't already know or care about Kaseya, it's probably a waste of time, and I've already wasted enough of that.

Have you already submitted the file to ESET and it still hasn't been fixed? If so, could you tell me the date you submitted the file on as well as the subject of the email so that I can check the status of the ticket?

For my years as sysadmin, I have never ever heard about this "most popular" remote management tool until now. Please, drop these completely false presumptions based on vendor marketing blurbs.

Step outside your bathroom more often... if you're a network guy, saying you've never heard of Kaseya is like saying you've never heard of Cisco or Juniper. Sorry, he's not making false presumptions. Kaseya is BIG....they've been around for quite a while, and I'm confident in stating that they're the biggest remote monitoring/systems management/network management package out there.

Eset relies on the reseller model.
It's safe to assume that resellers are IT consultants and SMB consultants.
Kaseya is the biggest, most popular remote systems management tool out there, and...
...following trends for remote support and management, IT consultants/SMB consultants have been turning to these tools such as Kaseya, and ZenithInfo, for quite a while now.
Logically one can arrive at the conclusion that....one of the main markets of Eset (consulting firms/VARs) are big users of Kaseya...so this wrinkle should have been found before release.

Yeah, they may be big but I've never heard about them until now, never ever. So - conclusion: either their marketing sucks even bigger time or they are not that big.

Assuming that something is 't3h world's most famous' stuff out there doesn't necessarily match reality for anyone but the OP.

If you're not familiar with Kaseya, you're almost certainly not familiar with Remote Monitoring and Management (RMM) software and the Managed Service Provider (MSP) IT business marketplace in general. That's as far as I want to argue that point.

But whether you are or not, and whether you agree or not, ESET should know its clientele.

If I credit ESET with knowing their business, I have to believe that consulting firms/VARs must NOT be in ESET's target market. Either that, or they don't know their business. So either way, I might want to take that under advisement next time I recommend antivirus software to my clients.

NOD32 and Kaseya6 are enemies
Yes, I had the same experience with K2 and NOD32. It was a lot of problems. NOD32 and Dr.web are 2 incompatible s/ws when it comes to "kserver.exe" file on Kserver. They simply kick kserver.exe out of the loop.

Simply submit your quarantined file into the above link and you will find results.

I wasted more than a month not knowing what to do and tried different scenarios installing and testing. That is all over now. Without NOD Kaseya server works perfectly.

One more warning. The story is not yet over. If you run a LAN watch (obviously you would be in a corporate environment. All machines would have NOD32 if your organization is running on it. At least we have NOD32 in our environment), once again NOD32 blocks the script from psexec.exe to push agent new version etc. I again struggled with this for over a week. Had to manually disable the NOD32 on the machine where LAN watch was performed. Then it started working normally. New users be aware!!!!!

You will not find this info on Kaseya forums/blogs, at least for now. Completely remove NOD32 out of the loop!!!!!!!!!!!!

If you are taking the time to see that this file is a false positive, why not take the next step, as I suggested in the beginning of this thread, and report it to ESET as a false positive? Once we have the suspect files, we will have the Virus DB updated accordingly.

Regarding LANWatch, ESET also uses software to tie into the system at the network level. I can see how this might be a problem. Most software applications recommend temporarily disabling the antivirus software during the installation of their product. I can see why that solution worked for you.